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IT Transformation 


Infrastructure & Application 


Digital Transformation 


Holistic Transformation of Business 
to Digital 


Cloud, Containers, laaS, PaaS, OT, 
lloT, loT, Mobility, Web apps, APIs, 
Mobile Apps 
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Containers 


Real game changer 


Hypervisor disappearing, bare 
metal is back 


Kubernetes Infrastructure-as-code 
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Containers — no servers? 


Container-as-a-Service AWS Fargate 


AWS Lambda function-as-a-service, 
serverless! 


Kubefed? 


“Priceline” for Containers? 
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DevOps 


This is real and highly contagious 


Developer decides how infrastructure 
runs in production 


Speeds up significantly how fast code 
goes to production 
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On-Prem 


Shrinking Datacenter Footprint 
Increasing OT & IloT 
Corp IT — more distributed & mobile 


More loT! 
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Enterprise 
Mobility != BYoD 


Enterprise owned handheld devices 
Indispensable to modern business 


Running apps handling sensitive business 
& consumer data 


. 
Mobile! 
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Web Apps & APIs 


Web Apps for the humans 
APIs for the inhumans 


Wide window into all your data 


SaaS 


More aaS everywhere 
No infrastructure to manage 


No Applications to code or manage 
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SaaS 


Lead the charge 
against bloated 
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Security 
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November 13, 1984 


PC Magazine about IBM PC AT 


"The AT provides the first real system for allowing executives to 
sleep at night: 


A hard-to-duplicate ‘tubular’ key locks all but key holders out of the 
system” 
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34 years later 


No magic key = No sleep at night! 
Same challenges x 10 
No visibility across global hybrid infrastructure 


Still need to do Vulnerability & Configuration 
management 


Still need to monitor integrity of systems (7 
More data incoming into "SIEM" deployments 
Basically no visibility to respond 


Compliance demands on new infrastructure 
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Future of Security 


Transparent Orchestration 


Built-in Automation the only real solution 
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Starts in DevOps 


DevSecOps 
Strict CI/CD pipeline controls 
Cl: Eliminate majority issues before prod 


CD: Embed security artifacts in Image 
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Agile SecOps 


SecOps focus on monitoring & response 


Drastically reduce security solutions 
deployed after the fact 


New generation of Security Analytics 
platforms — Data Lake 
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Qualys 
Platform Approach 


Embracing our own Digital 
Transformation 


Massive expansion of backend for 
visibility — 2+ Trillion security 
datapoints indexed 


Comprehensive coverage of sensors — 
scanners, agents, cloud connectors, 
container sensors, passive sniffers and 
mobile agents 
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Physical 


Legacy data centers 
Corporate infrastructure 


Continuous security and 
compliance scanning 


Qualys Sensor Platform 
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Virtual 


Private cloud infrastructure 
Virtualized Infrastructure 


Continuous security and 
compliance scanning 
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Cloud/Container 
Commercial laaS & PaaS 
clouds 


Pre-certified in market 
place 


Fully automated with API 
orchestration 


Continuous security and 
compliance scanning 
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Cloud Agents 
Light weight, multi- 
platform 


On premise, elastic 
cloud & endpoints 


Real-time data collection 


Continuous evaluation on 
platform for security and 
compliance 


Scalable, self-updating & centrally managed 


Passive 


Passively sniff on network 


Real-time device discovery 
& identification 


Identification of APT 
network traffic 


Extract malware files from 
network for analysis 


el 


API 


Integration with Threat Intel 
feeds 


CMDB Integration 


Log connectors 
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Platform Approach 


19 solutions on single platform . and 
counting — reduced agent fatigue 


DevOps friendly capabilities 
Solutions for CI/CD 


Extending solutions into remediation & 
response 
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Qualys 
Platform Approach 


Rapid expansion of R&D org 


Building dedicated Data Lake & Data 
Science team 


Key technology acquisitions & 
Investments 
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Acquisitions & Investments 


Nevis Passive Scanning & Secure Access Control 
Netwatcher Event Correlation Platform 
1 Mobility Enterprise Mobility 
Layered Insight Built-in Runtime Container Security 
42Crunch Investment API Security 


Adya SaaS Security and Compliance 


Frog 1 
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Qualys Cloud Apps 


| ASSET MANAGEMENT | MANAGEMENT 


(~) Asset Inventory CMDB Sync Cloud Inventory Certificate Inventory 
Maintain full, instant visibility of all your global IT Synchronize asset information from Qualys into Inventory of all your cloud assets across AWS, Inventory of TLS/SSL digital certificates on a global 
assets ServiceNow CMDB Azure, GCP and others scale 


(vm) Vulnerability Management Threat Protection (ew) Continuous Monitoring Indication of Compromise 
Continuously detect and protect against attacks, Pinpoint your most critical threats and Alerts you in real time about network Continuously monitor endpoints to detect 
anytime, anywhere prioritize patching irregularities 


suspicious activity 


Container Security Certificate Assessment Patch Management 


Discover, track, and continuously protect Assess all your digital certificates for TLS/SSL Select, manage, and deploy patches to 


containers vulnerabilities remediate vulnerabilities 


| COMPLIANCE MONITORING | MONITORING 


Policy Compliance 


PCI Compliance 


File Integrity Monitoring A| Security Configuration Assessment 


Assess security configurations of IT systems Automate, simplify and attain PCI compliance Log and track file changes across global IT systems Automate configuration assessment of global IT 
throughout your network quickly assets 
Cloud Security Assessment Security Assessment Questionnaire 
Get full visibility and control across all Minimize the risk of doing business with vendors and 
public cloud instances other third parties 


| WEB APPLICATION SECURITY | APPLICATION SECURITY 


Web Application Scanning Web Application Firewall 


Secure web applications with end-to-end Block attacks and virtually patch web application 
protection vulnerabilities 
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Q4 2018 releases 
O 2018 | 2019 


Patch Management - beta Global IT Asset Management 
(managed assets) — GA 


Passive Network Senor 
(unmanaged assets) — beta 
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2019 — even more apps to come! 


Patch Management — GA 
Passive Sensor — GA 

Secure Enterprise Mobility 
Secure Access Control 

API Security 

Software Composition Analysis 
Breach and Attack Simulation 


Security Data Lake & Correlation Platform 
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Unified Dashboards 
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Dashboards DASHBOARD 
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TOP EOL SOFTWARE PUBLISHERS TOTAL BY SEVERITY 
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MISSING PATCHES BY PLATFORM ASSETS WITH ACTIVE ZERO DAY AND NO PATCH AVAILABLE 
Server 2016: 3400 
Windows 7: 1200 
Server 2012: 872 
Server 2008: 4300 


Windows 10: 3200 1 D 6 8 K 
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11 ) 


TOP 5 FAILING POLICIES LICENCE OVERVIEW © Qualys. 


VM Anente 97/00 
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It's the Platform! 


(a real one) 


Cloud Platform Environment 
Security at scale on hybrid clouds 


19+ products providing comprehensive 


suite of security solutions D 

12,000+ customers 7. . 
7 shared cloud platforms across North © 
America, Europe & Asia 

70+ private clouds platforms deployed e n 


globally... on-prem, AWS, Azure, GCP 
16+ PB storage and 16,000 cores 


CES 
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Cloud Platform Highlights 


1+ trillion security events annually 
3+ billion scans annually 


2.5+ billion messages daily across Kafka 
clusters £ 


2+ Trillion data points indexed in our 
Elasticsearch clusters 


Unprecedented 2-second visibility o 
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Qualys Cloud Platform 


Sensors, Data Platform, Microservices, DevOps 


Application Services / Shared Services / Stream & Batch Processing / Reporting / Analytics 
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Cloud Agents Passive Scanners Scanners Appliances Virtual Scanners Internet Scanners 
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Integrated Suite 
of Applications 


Shared Services 


Messaging, Data, 
Analytics Platform 


Infrastructure and 
DevOps Toolchain 


Qualys Cloud Platform 
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Authentication Authorization Subscription Indexing 


Data Sync Tagging 
Service Service Service 


Service Service Service 


$ kafka LE’ @ceph elastic TE @redis Qin. 


\ cassandra 
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Advanced Correlation & Analytics 


ML/AI Service Orchestration & Automation UEBA 
Patterns | Outlier | Predictive SoC Integration | Playbooks | Response User & Entity Behavior Analytics 
Threat Hunting Security Analytics Advanced Correlation 
Search | Exploration | Behavior Graph Anomaly | Visualization | Dashboard Actionable Insights | Out-of-box Rules 


Qualys Security Data Lake Platform 
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Network Security Server End Point Qualys Apps Apps Cloud Users loT 


Qualys Quick Connectors 
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Thank You 


Sumedh Thakar 
sthakar@qualys.com 


